Trellix Endpoint Security Reviews

We use this product for our endpoint security.

The most valuable features are:  

- reporting facility using the ePO console for conformity and threat identification  

- using the advanced threat protection (ATP) 

- MNE module for customising and securing Windows Bitlocker.

We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems.

The is an incompatibility problem between Mcafee and Linux subsystem for Windows, another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.

We have been using McAfee Endpoint Security for ten years.

In terms of stability, we haven't had many problems.

We use that solution for more that 10k station and servers, and we have space to grow...

The support that we get from McAfee is excellent.

We tried Bitdefender, F-Secure, and many other products before settling on McAfee. When our central agency switched to McAfee, we all adopted it.

The price of this product is good.

One of our subsidiaries has tried to switch products, although I don't know the reason why. Ultimately, the project was aborted.

My advice for anybody who is looking at McAfee Endpoint Security is simply to use it.

I would rate this solution an eight out of ten.

I personally really like what the folks at Intel did when creating the Endpoint Protection Suites. Running the EASI.exe installer from the .zip file simplifies the build process for newer administrators and engineers by installing a base-system tree, basic policies, and streamlining the installation process. 

What most don't seem to grasp is that Endpoint Protection is a Suite Install Package. There are 6 different versions of Endpoint Protection, each coming with different applications installed. Primarily, I usually install the Endpoint Protection Advanced Suite (EPA) & Complete Endpoint Protection Suite (CEE). I recommend installing SQL either on the same box as ePO if you're managing under 5000 endpoints, or on a separate SQL server if higher, overusing the SQL Express that comes with the Installer. The primary reason is that if you use SQL Express, you do not have access to SQL Management Studio. Having access to the data tables and being able to clean up the space on the SQL server over time will be a must. The Complete Endpoint Suite has certainly simplified the build procedure.

I have been installing ePO and the separate modules for years. I am a bit biased on Intel Security products as it is how I make my living as a Subject Matter Expert .

There are a few things I wish the folks at Intel would fix. 

The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.

A good example...If i wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system  (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier. 

Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.

Some of the solution's primary use cases include successfully adding devices through ESM GUI and setting up data storage via ELM.

Trellix Endpoint Security's dashboard is very flexible, and I can create my own user-specific dashboard depending on user privilege or preference.

With Trellix Endpoint Security, adding a device as a data source can be done one by one. Whenever I try to add a device like a firewall or a server, the accounts are enrolled one by one per added data source. It would be a lot easier if I could add multiple user accounts within a single device.

I have been testing Trellix Endpoint Security for around three months.

I have tried to contact the solution's technical support team. Whenever I tried to ask for partner support, the Trellix website would ask for my company email details. Then an email would come to my inbox saying that Trellix would get back to me shortly, but unfortunately, they did not. So I couldn't contact Trellix Endpoint Security's technical support.

I have worked with other security tools, such as CrowdStrike. The flexibility of the dashboard and filtering are useful features in Trellix Endpoint Security. Also, adding different elements to the SIEM infrastructure is not that complicated with Trellix Endpoint Security.

There's no need for any additional configuration settings to install Trellix Endpoint Security. You just access the web UI, and that's it.

It took me two months to implement Trellix Endpoint Security because of our company's hardware limitations.

My implementation strategy for Trellix Endpoint Security was to build a demonstration based on what the company would like me to do. So I built a SIEM infrastructure and got the images of the different tools first. Then from there, I tried to connect the different devices before I connected the data sources.

My advice is that users should have a fair background in MQL, which really helps a lot in investigating.

Overall, I rate Trellix Endpoint Security an eight out of ten.

It covers the AV and malware security piece.

It's mainly for compliance. In terms of products in the market, it's probably not the best, but it's the one that is already paid for under the corporate buy. It basically checks the box that we're doing malware threat prevention and antivirus protection.

It can be deployed quickly, and it's scalable. Those are the two advantages of it.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.

It has probably been about a year since we rolled it out.

There are no issues. They continue to put out updates weekly or daily. The platform seems to be fairly mature.

It's definitely scalable.

Their tech support is average.

It's pretty straightforward. It can be automated from the central ePolicy orchestrator server. So, the installation is fairly easy because you can automate it with the deployment of your virtual machines and things like that.

I would rate it a three out of five in terms of cost.

I would rate it a seven out of ten. That's mainly because it seems like there are additional security features that could be built into it, or from the signature-based model, it could move to a different model.

I have found DLP to be a valuable feature.

When it comes to DLP or McAfee Security Encryption, with which I am happy, I like to make use of the solution for Vault, but find that the encryption is problematic. The system needs reforming. Suppose the solution is utilized on a laptop or desktop and the client wishes to make an assignment to another person but forgot his password. The data cannot be archived or backed up. 

I have been using McAfee Endpoint Security for the past five years.

The solution is reliable.

Previously, I used the solution for a single site consisting of nearly 300 users. However, as I found it to also be a good tool for DLP endpoint, I now use it for another client with nearly 700 users.

Counting from one to ten, this being the highest, I fully support the solution's technical services.

The initial setup is very simple, allowing a person to get the videos or documents on the internet. 

The deployment takes one to two days.

I do licensing on an annual basis and this is what I always recommend to my clients over the monthly option. This is because all my clients are long-term and do not wish to pay on a monthly basis, instead preferring licenses of, perhaps, three years with an additional one or two year option. 

I am using the latest version of the solution minus one. 

Some of our clients deploy the solution on-premises and others use clouds, such as AWS or IBM Cloud. I'm actually a service partner with IBM Cloud and the community manager with AWS Cloud.

We currently have two or three clients utilizing the solution and it can be said that it is a good product. 

The solution is really good and competitively priced, so someone wishing to secure his enterprise or make use of it in an inexpensive fashion should do so. 

I would rate it a seven out of ten. 

I work for a company that is a McAfee partner. We sell the solution, and we have engineers that implement the solutions. Basically, I am part of the technical staff that implements the solution on-premise.

We use endpoint security for our clients. We configure policies to scan the computer every single day in some cases and every week or even every moment. Basically, it protects the endpoint, and we have policies to do advanced threat protection.

Thanks to the implementation of this tool, we have managed to avoid massive virus infection, have visibility into console events and be able to implement action plans to contain threats.

Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful. We use the firewall to protect the client's network or even blocks and some kind of traffic that the computer received. The ATP model, I think, is one of the most important features because it can protect the computer when an application doesn't work as expected. It will alert and send messages to the ePO, and we can see everything.

The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually.

I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.

I have been using McAfee Endpoint Security for about three years.

It's very stable. It works as expected, and I am very happy with this solution.

This is a very flexible product. It can be installed on a single physical or virtual server, or well installed on a windows cluster, and if you want to explore other modes it can also be implemented in the AWS cloud or as a SAAS.

In some cases, if the report comes from India or America, it's basically an open and shut case. But if the support comes from Latin America, you probably have to scale that problem to another area or another region. You need a person that has more experience with the product.

No. 

The initial setup can be both straightforward or complex. Some documentation on clients is very slow. Basically, we spent time implementing the ePO version because sometimes the database from the ePO is too big, and we need to do some things to the database to shrink the space, and it doesn't always work as expected. Sometimes, we have to follow one, two, or three steps to get the data and various scenarios to increase the number of steps because troubleshooting wasn't working.

If we implement MVISION, eventually, it would take around three hours because we have to install the software on the server. We have to do all the upgrades and implement some upgrades to the ePO software. Basically, it's three hours, but it can take five to six hours, depending on the data's size.

We implement this solution for our customers. If you are an engineer, and you have the experience, you can do it. If someone doesn't have experience with the OS, with Windows, or with the product, you might need specialized engineers.

For the issue of implementation costs, you require that the partner you use has qualified personnel to carry out this activity or you can use the professional services of McAfee, but these can be somewhat expensive.

Our clients ask us about other solutions like Cylance. I have one client that uses CrowdStrike. If you compare Cylance and McAfee Endpoint Security, the main difference is support. 

McAfee is excellent. You can ask any questions, and with a couple of clicks, you will find the answer to the issue. If you don't find it, you can open a support ticket. Sometimes, the McAfee solutions are very complex to configure. Just in some topics, but on the other hand, very simple to configure.

I recommend that the client needs to be aware of what McAfee can do for them. If the engineer can implement the solution, he'll just follow the book, and he's not going to get the best experience from the product.

To not impact the computer or the endpoint's performance, you need to finetune the policies. If the engineer doesn't have that kind of experience, you won't get the best out of the product. The client needs to get an engineer with a lot of performance tuning experience to get the most out of the product.

On a scale from one to ten, I would give McAfee Endpoint Security a nine.

The most valuable feature that I've found most useful is the availability of seamless AES 256 full-disk encryption.

I don't need to worry about the content of a laptop if it's lost or stolen. It provides better security of laptops when doing foreign travel.

I think encryption needs to move to an all hardware-based solution. Software encryption is less efficient than hardware-based. Intel purchased McAfee a few years ago, so this company is set up from the chipset point-of-view.

We've used it for six years.

Initially, we ran into issues running full-disk encryption and certain versions of disk defragmentation software. However, this has now been resolved.

There have been no issues with the stability.

We have had no issues scaling it for our needs.

9/10. I've found technical support to be very good and responsive.

We selected this endpoint protection solution due to its multi-platform support, not just Windows (e.g BitLocker). Other reasons were that it has enterprise key storage and recovery, which is very important to us.

It's fairly easy to get going. It's been around for a while now, and there are lots of use cases. You just just need to follow the best practice installation documentation.

We implemented it with the help of a McAfee vendor team.

Everything has a cost. During the initial product evaluation, price was considered but it was not a show stopper.

The central management console, ePO, is very useful. It incorporates file/folder encryption as well as encrypted thumb drive registration and policy management.

I use this solution for system security protection.

McAfee has helped our organization by keeping all of our computer systems secure from viruses or other intrusions.

The most valuable feature is the centralized console where everything can be controlled by the administration. McAfee is always improving and is coming out with advanced cloud strategies, you can always rely on them now and for many years ahead.

There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Shield. It is quite old and is not fully integrated properly and could be improved.

In an upcoming release, there could be an improvement in performance. There are times the solution can use a lot of resources on the local machines. This normally happens when the system is scanning, the end-user can really notice the performance change. After every new version that is released, there are improvements made. However, there is still room for improvement.

I have been using this solution for approximately 15 years.

The stability is good, whenever there is an issue there is an update or solution to fix it shortly after.

The scalability has been good for us, we have not expanded very much to know more.

The technical support could be improved. We currently have business support and this has been a lot better than the regular support. The business support is more responsive and the resolutions are more thorough. 

The price of the solution is fair, we have a complete security package.

The solution is very good but it is useful and important to have good experience with the endpoint testing machine.

I rate McAfee Endpoint Security nine out of ten.